From: Peter Haight
To: Terry Lambert
Cc: hackers@freebsd.org
Subject: Broken IPv6 DNS servers (Was: Is gethostbyname2() reentrant?)
Date: Fri, 31 May 2002 15:53:41 -0700
Message-Id: <200205312254.g4VMrfvj058112@wartch.sapros.com>

Yeah. I'm in the middle of the Mozilla code base as you probably remember, trying to fix the problem of these bad DNS servers. I did complain to the technical administrators for the ones that were giving me problems, but I've only received form letter replies and they are still broken. I also saw the recent sendmail thread on the same issue. It just isn't acceptable to users to have a 90 second wait for these broken DNS servers. I really wish we could come up with some fix below the application level.

Mozilla was already using the apartment model for operating systems that do not have a reentrant gethostbyname2(). I did make a patch for Mozilla that lets it do async DNS on systems that have a reentrant gethostbyname2(), but obviously that doesn't help on FreeBSD.

Perhaps we can come up with some acceptable change to the gethostbyname2() implementation that will deal with these broken DNS servers without causing problems for the end users or violating the 'correct' behaviour.

How about this change to the gethostbyname2() implementation?
First it fires off an AAAA request and if it doesn't get a reply in 5 seconds, then fire off an A request to the same server. If it gets a reply to the A request, it writes a message to syslog complaining about a broken DNS server. If it doesn't get a reply to the A request, it can just do the standard timeout thing.

This should give you correct results in the case the DNS server is really broken and speed up the results in the case where the DNS server just suffers from this AAAA bug. Admittedly, you could have a problem where the AAAA reply has been sent but lost or delayed for more than 5 seconds, but that seems like a lesser problem than making the user wait 90 seconds or failing to deliver email.

We could make this algorithm dependent on a sysctl variable that is off by default, but you could turn it on if you are having lots of problems with IPv6 lookups.

Any other suggestions? Please don't tell me to complain to the owner of the DNS servers. I have done that. If you feel that is the proper solution, please complain yourself to matthew_r_walker@VANGUARD.COM who is the Technical Contact for vanguard's domain.
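
The fallback proposed in the message above, modelled as an added example: it is not part of the original message and is not FreeBSD resolver code. The transport is simulated in virtual seconds; every function and constant name, the `fallback_on` flag standing in for the sysctl, and the use of 90 seconds as the standard timeout are assumptions. The `slow_aaaa` server shows the false positive the message admits: a delayed AAAA reply gets the server logged as broken.

```c
#include <stdio.h>
#include <syslog.h>

/* All names below are hypothetical; this is not FreeBSD's resolver code. */
enum qtype { Q_A = 1, Q_AAAA = 28 };            /* DNS RR type codes */
enum outcome { GOT_AAAA, GOT_A_BROKEN_SERVER, TIMED_OUT };
struct result { enum outcome outcome; int elapsed; /* virtual seconds */ };

/* Simulated transport: seconds until the reply arrives, or -1 for never. */
typedef int (*send_fn)(enum qtype type, const char *name);

#define AAAA_GRACE  5   /* wait before the A fallback (from the message) */
#define STD_TIMEOUT 90  /* assumed standard timeout (the 90 second wait) */

struct result lookup(send_fn send, const char *name, int fallback_on)
{
    struct result r = { TIMED_OUT, STD_TIMEOUT };
    int limit = fallback_on ? AAAA_GRACE : STD_TIMEOUT;
    int d = send(Q_AAAA, name);

    if (d >= 0 && d <= limit) {          /* AAAA answered in time */
        r.outcome = GOT_AAAA;
        r.elapsed = d;
        return r;
    }
    if (!fallback_on)                    /* knob off: plain timeout */
        return r;
    /* Simplification: once the A query goes out at t=5, AAAA is abandoned. */
    d = send(Q_A, name);
    if (d >= 0 && AAAA_GRACE + d <= STD_TIMEOUT) {
        r.outcome = GOT_A_BROKEN_SERVER;
        r.elapsed = AAAA_GRACE + d;
        syslog(LOG_WARNING, "DNS server answers A but not AAAA for %s", name);
    }
    return r;                            /* otherwise the standard timeout */
}

/* Constructed server behaviours for the demonstration. */
static int healthy(enum qtype t, const char *n)    { (void)t; (void)n; return 1; }
static int drops_aaaa(enum qtype t, const char *n) { (void)n; return t == Q_AAAA ? -1 : 1; }
static int slow_aaaa(enum qtype t, const char *n)  { (void)n; return t == Q_AAAA ? 7 : 1; }
static int dead(enum qtype t, const char *n)       { (void)t; (void)n; return -1; }

int main(void)
{
    send_fn servers[] = { healthy, drops_aaaa, slow_aaaa, dead };
    for (int i = 0; i < 4; i++) {
        struct result r = lookup(servers[i], "host.example", 1);
        printf("server %d: outcome=%d after %ds\n", i, r.outcome, r.elapsed);
    }
    return 0;
}
```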